Update SNP guest attestation

1. Update SEV-SNP testcase and config to support
snpguest tool installation from source.
2. Enhance CPU model detection for broader platform support.
3. Update SNP policy values, add a debug policy variant
4. Improve error handling in the testcase script.
5. Rename snp_basic_config.py and snp_basic_config.cfg
to snp_attestation.py and snp_attestation.cfg for clarity.

Signed-off-by: Srikanth Aithal <[email protected]>

Author: bssrikanth

qemu/tests/cfg/snp_basic_config.cfg renamed to qemu/tests/cfg/snp_attestation.cfg

@@ -1,12 +1,13 @@
-- snp_basic_config:
-    type = snp_basic_config
+- snp_attestation:
+    type = snp_attestation
     only Linux
     kill_vm = yes
     login_timeout = 240
     start_vm = no
     image_snapshot = yes
     mem = 8192
     smp = 8
+    required_qemu = [9.1.0, )
     vm_secure_guest_type = snp
     vm_sev_reduced_phys_bits = 1
     vm_sev_cbitpos = 51
@@ -16,10 +17,14 @@
     module_status = Y y 1
     snp_guest_check = "journalctl|grep -i -w snp"
     guest_tool_install = "dnf install -y snpguest"
+    snpguest_sourcebuild = 1
     attestation_script = regular_attestation_workflow.sh
+    snpguest_install_script = snpguest_install.sh
     guest_dir = /home
     guest_cmd = ${guest_dir}/${attestation_script}
     host_script = sev-snp/${attestation_script}
+    snpguest_buildcmd = "${guest_dir}/${snpguest_install_script} --repo https://github.com/virtee/snpguest.git --tag v0.9.1"
+    snpguest_build_location = sev-snp/${snpguest_install_script}
     variants:
         - policy_default:
             snp_policy = 196608
@@ -29,5 +34,9 @@
             vm_secure_guest_object_options = "policy=${snp_policy}"
         - policy_singlesocket:
             socket_count_cmd = 'lscpu |grep Socket|head -1 | cut -d ":" -f 2 | tr -d " "'
-            snp_policy = 77824
+            snp_policy = 1245184
+            vm_secure_guest_object_options = "policy=${snp_policy}"
+        - policy_singlesocket_debug:
+            socket_count_cmd = 'lscpu |grep Socket|head -1 | cut -d ":" -f 2 | tr -d " "'
+            snp_policy = 1769472
             vm_secure_guest_object_options = "policy=${snp_policy}"

qemu/tests/snp_basic_config.py renamed to qemu/tests/snp_attestation.py

@@ -36,12 +36,22 @@ def run(test, params, env):
         if int(process.getoutput(socket_count_cmd, shell=True)) != 1:
             test.cancel("Host cpu has more than 1 socket, skip the case.")
 
-    family_id = cpu.get_family()
-    model_id = cpu.get_model()
-    dict_cpu = {"251": "milan", "2517": "genoa", "2617": "turin"}
-    key = str(family_id) + str(model_id)
-    host_cpu_model = dict_cpu.get(key, "unknown")
-
+    family_id = int(cpu.get_family())
+    model_id = int(cpu.get_model())
+    dict_cpu = {
+        "milan": [25, 0, 15],
+        "genoa": [25, 16, 31],
+        "bergamo": [25, 160, 175],
+        "turin": [26, 0, 31],
+    }
+    host_cpu_model = None
+    for platform, values in dict_cpu.items():
+        if values[0] == family_id:
+            if model_id >= values[1] and model_id <= values[2]:
+                host_cpu_model = platform
+    if not host_cpu_model:
+        test.cancel("Unsupported paltform. Requires milan or above.")
+    test.log.info("Detected platform: %s", host_cpu_model)
     vm_name = params["main_vm"]
     vm = env.get_vm(vm_name)
     vm.create()
@@ -67,14 +77,20 @@ def run(test, params, env):
         host_file = os.path.join(deps_dir, host_script)
         try:
             vm.copy_files_to(host_file, guest_dir)
-            session.cmd_output(params["guest_tool_install"], timeout=240)
+            if params.get("snpguest_sourcebuild", "0") == "1":
+                snpguest_build_location = params["snpguest_build_location"]
+                install_snpguest = os.path.join(deps_dir, snpguest_build_location)
+                vm.copy_files_to(install_snpguest, guest_dir)
+                session.cmd_output(params["snpguest_buildcmd"], timeout=360)
+            else:
+                session.cmd_output(params["guest_tool_install"], timeout=240)
             session.cmd_output("chmod 755 %s" % guest_cmd)
         except Exception as e:
             test.fail("Guest test preperation fail: %s" % str(e))
         guest_cmd = guest_cmd + " " + host_cpu_model
         s = session.cmd_status(guest_cmd, timeout=360)
         if s:
-            test.fail("Guest script error")
+            test.fail("Guest script error, check the session logs for further details")
     finally:
         session.close()
         vm.destroy()